Abstract
The cyber supply chain arises as the emerging business model of today’s IT infrastructure in enterprise-level energy delivery systems, which relies on different software or hardware vendors. Due to the heterogeneous services provided and the various roles each system entity plays in maintaining the IT infrastructure, the attack surface expands dramatically, putting enterprise systems at high risk of data breaches or compromise. This paper first presents an overview of a typical cyber supply chain system, including system entities and processes, and then illustrates two attack scenarios. Following an analysis of cyber supply chain security requirements and countermeasures, we integrate blockchain technology, which has a trustless and decentralized architecture, into the cyber supply chain to achieve reliability and accountability. A basic framework for a blockchain-assured energy delivery system is introduced as a case study to provide guidelines for future blockchain adoption in achieving provenance of cyber supply chain systems in any industry.
Acknowledgment
This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780 and Office of the Assistant Secretary of Defense for Research and Engineering agreement FA8750-15-2-0120. The work was also supported by a grant from the National Key R&D Program of China (2016YFB0800500).
Disclaimer
This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Liang, X., Shetty, S., Tosh, D., Ji, Y., Li, D. (2018). Towards a Reliable and Accountable Cyber Supply Chain in Energy Delivery System Using Blockchain. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_3
DOI: https://doi.org/10.1007/978-3-030-01704-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01703-3
Online ISBN: 978-3-030-01704-0
eBook Packages: Computer Science (R0)